// Copyright 2020 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package subtle_test

import (
	"bytes"
	"encoding/hex"
	"fmt"
	"testing"

	"github.com/google/tink/go/prf/subtle"
	"github.com/google/tink/go/testutil"
)

func TestVectorsRFC4493(t *testing.T) {
	// Test vectors from RFC 4493.
	key, err := hex.DecodeString("2b7e151628aed2a6abf7158809cf4f3c")
	if err != nil {
		t.Errorf("Could not decode key: %v", err)
	}
	data, err := hex.DecodeString("6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e5130c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710")
	if err != nil {
		t.Errorf("Could not decode data: %v", err)
	}
	expected := map[int]string{
		0:  "bb1d6929e95937287fa37d129b756746",
		16: "070a16b46b4d4144f79bdd9dd04a287c",
		40: "dfa66747de9ae63030ca32611497c827",
		64: "51f0bebf7e3b9d92fc49741779363cfe",
	}
	a, err := subtle.NewAESCMACPRF(key)
	if err != nil {
		t.Errorf("Could not create cmac.AES object: %v", err)
	}
	for l, e := range expected {
		output, err := a.ComputePRF(data[:l], 16)
		if err != nil {
			t.Errorf("Error computing AES-CMAC: %v", err)
		}
		if hex.EncodeToString(output) != e {
			t.Errorf("Computation and test vector differ. Computation: %q, Test Vector %q", hex.EncodeToString(output), e)
		}
	}
}

func TestAESCMACPRFWycheproofCases(t *testing.T) {
	testutil.SkipTestIfTestSrcDirIsNotSet(t)
	suite := new(macSuite)
	if err := testutil.PopulateSuite(suite, "aes_cmac_test.json"); err != nil {
		t.Fatalf("Failed populating suite: %s", err)
	}
	for _, group := range suite.TestGroups {
		groupName := fmt.Sprintf("%s-%s(%d)", suite.Algorithm, group.Type, group.KeySize)
		if group.TagSize%8 != 0 {
			t.Errorf("For %s, requested tag size is not a multiple of 8, but %d", groupName, group.TagSize)
			continue
		}

		for _, test := range group.Tests {
			caseName := fmt.Sprintf("%s:Case-%d", groupName, test.CaseID)
			t.Run(caseName, func(t *testing.T) {
				if uint32(len(test.Key))*8 != group.KeySize {
					t.Fatalf("Invalid key length: %s", test.Comment)
				}

				aes, err := subtle.NewAESCMACPRF(test.Key)
				switch test.Result {
				case "valid":
					if err != nil {
						t.Fatalf("NewAESCMACPRF failed (case: %s):  %v", test.Comment, err)
					}
					res, err := aes.ComputePRF(test.Message, group.TagSize/8)
					if err != nil {
						t.Fatalf("ComputePRF() failed: %v", err)
					}
					if !bytes.Equal(res, test.Tag) {
						t.Errorf("ComputePRF() result and expected result do not match:\nComputed: %q\nExpected: %q", hex.EncodeToString(res), test.Tag)
					}

				case "invalid":
					if err != nil {
						return
					}
					res, err := aes.ComputePRF(test.Message, group.TagSize/8)
					if err != nil {
						return
					}
					if bytes.Equal(res, test.Tag) {
						t.Errorf("ComputePRF() result and invalid expected result match:\nComputed: %q\nExpected: %q", hex.EncodeToString(res), test.Tag)
					}

				default:
					t.Fatalf("Unsupported test result: %q", test.Result)
				}
			})
		}
	}
}

func TestValidateAESCMACPRFParams(t *testing.T) {
	if err := subtle.ValidateAESCMACPRFParams(32); err != nil {
		t.Errorf("Unexpected error validating AES CMAC PRF Params: %v", err)
	}
	if err := subtle.ValidateAESCMACPRFParams(2); err == nil {
		t.Errorf("Unexpected validation of too short key for AES CMAC PRF Params")
	}
}

func TestKeyLength(t *testing.T) {
	if _, err := subtle.NewAESCMACPRF([]byte{0x01, 0x02}); err == nil {
		t.Errorf("Expected NewAESCMACPRF to fail on short key")
	}
	if _, err := subtle.NewAESCMACPRF([]byte{
		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}); err != nil {
		t.Errorf("Expected NewAESCMACPRF to work on 16 byte key")
	}
	if _, err := subtle.NewAESCMACPRF([]byte{
		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10}); err != nil {
		t.Errorf("Expected NewAESCMACPRF to work on 32 byte key")
	}
}

func TestAESCMACPRFOutputLength(t *testing.T) {
	prf, err := subtle.NewAESCMACPRF([]byte{
		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10,
		0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
		0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10})
	if err != nil {
		t.Errorf("Expected NewAESCMACPRF to work on 32 byte key")
	}
	for i := 0; i <= 16; i++ {
		output, err := prf.ComputePRF([]byte{0x01, 0x02}, uint32(i))
		if err != nil {
			t.Errorf("Expected to be able to compute AES CMAC PRF with %d output length", i)
		}
		if len(output) != i {
			t.Errorf("Expected AES CMAC PRF to compute %d bytes, got %d", i, len(output))
		}
	}
	for i := 17; i < 32; i++ {
		_, err := prf.ComputePRF([]byte{0x01, 0x02}, uint32(i))
		if err == nil {
			t.Errorf("Expected to not be able to compute AES CMAC PRF with %d output length", i)
		}
	}
}
